U.S. and Canadian cybersecurity agencies say Chinese-linked actors deployed "Brickstorm" malware to infiltrate critical infrastructure and maintain long-term access for potential sabotage. Reuters reports: The Chinese-linked hacking operations are the latest example of Chinese hackers targeting critical infrastructure, infiltrating sensitive networks and "embedding themselves to enable long-term access, disruption, and potential sabotage," Madhu Gottumukkala, the acting director of the Cybersecurity and Infrastructure Security Agency, said in an advisory signed by CISA, the National Security Agency and the Canadian Centre for Cyber Security. According to the advisory, which was published alongside a more detailed malware analysis report (PDF), the state-backed hackers are using malware known as "Brickstorm" to target multiple government services and information technology entities. Once inside victim networks, the hackers can steal login credentials and other sensitive information and potentially take full control of targeted computers.

In one case, the attackers used Brickstorm to penetrate a company in April 2024 and maintained access through at least September 3, 2025, according to the advisory. CISA Executive Assistant Director for Cybersecurity Nick Andersen declined to share details about the total number of government organizations targeted or specifics around what the hackers did once they penetrated their targets during a call with reporters on Thursday. The advisory and malware analysis reports are based on eight Brickstorm samples obtained from targeted organizations, according to CISA. The hackers are deploying the malware against VMware vSphere, a product sold by Broadcom's VMware to create and manage virtual machines within networks. [...] In addition to traditional espionage, the hackers in those cases likely also used the operations to develop new, previously unknown vulnerabilities and establish pivot points to broader access to more victims, Google said at the time.

An anonymous reader quotes a report from Reuters: Multiple divisions at Microsoft have lowered sales growth targets for certain artificial intelligence products after many sales staff missed goals in the fiscal year that ended in June, The Information reported on Wednesday. It is rare for Microsoft to lower quotas for specific products, the report said, citing two salespeople in the Azure cloud unit. The division is closely watched by investors as it is the main beneficiary of Microsoft's AI push. [...]

The Information report said Carlyle Group last year started using Copilot Studio to automate tasks such as meeting summaries and financial models, but cut its spending on the product after flagging Microsoft about its struggles to get the software to reliably pull data from other applications. The report shows the industry was in the early stages of adopting AI, said D.A. Davidson analyst Gil Luria. "That does not mean there isn't promise for AI products to help companies become more productive, just that it may be harder than they thought."

It's "a complex mix of internet access and physical execution," says the chief informance security officer at Cequence Security.

Long-time Slashdot reader schwit1 summarizes this article from The Wall Street Journal: By breaking into carriers' online systems, cyber-powered criminals are making off with truckloads of electronics, beverages and other goods

In the most recent tactics identified by cybersecurity firm Proofpoint, hackers posed as freight middlemen, posting fake loads to the boards. They slipped links with malicious software into email exchanges with bidders such as trucking companies. By clicking on the links, trucking companies unwittingly downloaded remote-access software that lets the hackers take control of their online systems.

Once inside, the hackers used the truckers' accounts to bid on real shipments, such as electronics and energy drinks, said Selena Larson, a threat researcher at Proofpoint. "They know the business," she said. "It's a very convincing full-scale identity takeover."
"The goods are likely sold to retailers or to consumers in online marketplaces," the article explains. (Though according to Proofpoint "In some cases, products are shipped overseas and sold in local markets, where proceeds are used to fund paramilitaries and global terrorists.")

"The average value of cargo thefts is increasing as organized crime groups become more discerning, preferring high-value targets such as enterprise servers and cryptocurrency mining hardware, according to risk-assessment firm Verisk CargoNet."

Australia warned it's in danger of missing its 2035 climate targets without deeper pollution cuts, which in turn threatens the nation's ambitions to reach net zero by mid-century. From a report: Emissions are set to fall 48% by 2035 from 2005 levels based on current projections [non-paywalled source], the government said in a report on Thursday. That's short of an official pledge to cut greenhouse gases between 62% and 70%. The forecast doesn't take into account new action planned under the nation's Net Zero Plan. Still, the targets remain achievable and officials plan to take additional measures to meet them, Minister for Climate Change and Energy Chris Bowen said in a speech to parliament.

The UK government will levy a pay-per-mile tax on electric and plug-in hybrid vehicles starting April 2028, UK's finance minister Rachel Reeves announced, a measure designed to offset some of the fuel duty revenue that will disappear as drivers shift away from petrol and diesel cars. Electric vehicles will be charged 3 pence per mile and plug-in hybrids 1.5 pence per mile, payable annually alongside car tax. An average driver covering 8,000 miles a year would pay around $320, roughly half what a petrol or diesel driver pays in fuel duty.

The Office for Budget Responsibility expects the tax to generate $1.45 billion in its first year and $2.51 billion by 2030-31, offsetting about a quarter of the revenue losses projected from the EV transition by 2050. The Society of Motor Manufacturers and Traders warned the new charge would "suppress demand" and make sales targets harder to achieve. New Zealand and Iceland have already introduced road pricing for EVs; demand dropped in the former but held steady in the latter.

The roughly 500 fiber-optic cables lying on the ocean floor carry more than 95% of all internet data -- not satellites, as many might assume -- and they face growing threats from natural disasters, terrorists and nation-states capable of disrupting global communications by dragging anchors or deploying submarines against the infrastructure.

The cables are protected by layers of copper, steel, and plastics, but they remain vulnerable at multiple points: earthquakes can disturb them on the seafloor, and the connections where cables meet land-based infrastructure present targets for bad actors. National actors including Russia, China and the US possess the capability to attack these cables.

A bipartisan Senate bill co-sponsored by Democrat Jeanne Shaheen and Republican John Barrasso is under consideration. The legislation would require a report to Congress within six months on Chinese and Russian sabotage efforts, mandate sanctions against foreign parties responsible for attacks, and direct the US to provide more resources for cable protection and repair.

A promotional video for Amazon's Kiro software development system took a unique approach, writes GeekWire. "Instead of product diagrams or keynote slides, a crew from Seattle's Packrat creative studio used action figures on a miniature set to create a stop-motion sequence..."

"Can the software development hero conquer the 'AI Slop Monster' to uncover the gleaming, fully functional robot buried beneath the coding chaos?" Kiro (pronounced KEE-ro) is Amazon's effort to rethink how developers use AI. It's an integrated development environment that attempts to tame the wild world of vibe coding... But rather than simply generating code from prompts [in "vibe mode"], Kiro breaks down requests into formal specifications, design documents, and task lists [in "spec mode"]. This spec-driven development approach aims to solve a fundamental problem with vibe coding: AI can quickly generate prototypes, but without structure or documentation, that code becomes unmaintainable...

The market for AI-powered development tools is booming. Gartner expects AI code assistants to become ubiquitous, forecasting that 90% of enterprise software engineers will use them by 2028, up from less than 14% in early 2024... Amazon launched Kiro in preview in July, to a strong response. Positive early reviews were tempered by frustration from users unable to gain access. Capacity constraints have since been resolved, and Amazon says more than 250,000 developers used Kiro in the first three months...

Now, the company is taking Kiro out of preview into general availability, rolling out new features and opening the tool more broadly to development teams and companies... During the preview period, Kiro handled more than 300 million requests and processed trillions of tokens as developers explored its capabilities, according to stats provided by the company. Rackspace used Kiro to complete what they estimated as 52 weeks of software modernization in three weeks, according to Amazon executives. SmugMug and Flickr are among other companies espousing the virtues of Kiro's spec-driven development approach. Early users are posting in glowing terms about the efficiencies they're seeing from adopting the tool... startups in most countries can apply for up to 100 free Pro+ seats for a year's worth of Kiro credits.
Kiro offers property-based testing "to verify that generated code actually does what developers specified," according to the article — plus a checkpointing system that "lets developers roll back changes or retrace an agent's steps when an idea goes sideways..."

"And yes, they've been using Kiro to build Kiro, which has allowed them to move much faster."

Every company would be affected if the AI bubble were to burst, the head of Google's parent firm Alphabet has told the BBC. From the report: Speaking exclusively to BBC News, Sundar Pichai said while the growth of artificial intelligence investment had been an "extraordinary moment", there was some "irrationality" in the current AI boom. It comes amid fears in Silicon Valley and beyond of a bubble as the value of AI tech companies has soared in recent months and companies spend big on the burgeoning industry.

Asked whether Google would be immune to the impact of the AI bubble bursting, Mr Pichai said the tech giant could weather that potential storm, but also issued a warning. "I think no company is going to be immune, including us," he said. In a wide-ranging exclusive interview at Google's California headquarters, he also addressed energy needs, slowing down climate targets, UK investment, the accuracy of his AI models, and the effect of the AI revolution on jobs.

"Google is going to court to help put an end to, or at least limit, the prevalence of phishing scams over text message," reports BGR: Google said it's bringing suit against Lighthouse, an impressively large operation that allegedly provides tools customers can buy to set up their own specialized phishing scams. All told, Google estimates that Lighthouse-affiliated scams in the U.S. have stolen anywhere between 12.7 million and 115 million credit cards. "Bad actors built Lighthouse as a phishing-as-a-service kit to generate and deploy massive SMS phishing attacks," Google notes. "These attacks exploit established brands like E-Z Pass to steal people's financial information."

Google's legal action is comprehensive and is intent on completely dismantling Lighthouse's operations. The search giant is bringing claims under RICO, the Lanham Act, and the Computer Fraud and Abuse Act (CFAA). RICO, which often comes up in movies and television shows, allows authorities to treat Lighthouse's phishing operation as a broad criminal enterprise as opposed to isolated scams. By using RICO, Google also expands the list of individuals who can be found liable, whether it be the people who started Lighthouse, the people who run it, or even unaffiliated customers who used the company's services. The Lanham Act, for those unaware, targets malicious actors who misappropriate well-known company trademarks in order to confuse consumers. This Lanham Act comes into play because many phishing scams masquerade as legitimate messages from companies like Amazon and FedEx. The Computer Fraud and Abuse Act, meanwhile, is relevant because scammers typically use stolen credentials to gain unauthorized access to financial systems, something the CFAA is designed to target...

The fact that Google is invoking all three of the acts above underscores how serious the company is about putting a stop to SMS-based scams. By using all three, Google's legal attack is more potent and also expands the range of available remedies to include civil damages and criminal penalties. In short, Google isn't merely trying to win a legal case; it's aiming to emphatically and permanently stop Lighthouse in its tracks.
Getting even more aggressive, Google says it's also working with the U.S. Congress to pass new anti-scammer legislation, and endorsed these three new bipartisan bills:

• The Scam Compound Accountability and Mobilization (SCAM) Act "would develop a national strategy to counter scam compounds, enhance sanctions and support survivors of human trafficking within these compounds."

• The Foreign Robocall Elimination Act "would establish a taskforce focused on how to best block foreign-originated illegal robocalls before they ever reach American consumers."

• The Guarding Unprotected Aging Retirees from Deception (GUARD) Act "would empower state and local law enforcement by enabling them to utilize federal grant funding to investigate financial fraud and scams specifically targeting retirees. "

Thanks to Slashdot reader anderzole for sharing the article.

"The International Energy Agency's latest outlook signals that oil demand could keep growing through to the middle of the century," reports CNBC, "reflecting a sharp tonal shift from the world's energy watchdog and raising further questions about the future of fossil fuels." In its flagship World Energy Outlook, the Paris-based agency on Wednesday laid out a scenario in which demand for oil climbs to 113 million barrels per day by 2050, up 13% from 2024 levels. The IEA had previously estimated a peak in global fossil fuel demand before the end of this decade and said that, in order to reach net-zero emissions by 2050, there should be no new investments in coal, oil and gas projects... The IEA's end-of-decade peak oil forecast kick-started a long-running war of words with OPEC, an influential group of oil exporting countries, which accused the IEA of fearmongering and risking the destabilization of the global economy.

The IEA's latest forecast of increasing oil demand was outlined in its "Current Policies Scenario" — one of a number of scenarios outlined by the IEA. This one assumes no new policies or regulations beyond those already in place. The CPS was dropped five years ago amid energy market turmoil during the coronavirus pandemic, and its reintroduction follows pressure from the Trump administration... Gregory Brew, an analyst at Eurasia Group's Energy, Climate and Resources team, said the IEA's retreat on peak oil demand signified "a major shift" from the group's position over the last five years. "The justifications offered for the shift include policy changes in the U.S., where slow EV penetration indicates robust oil [consumption], but is also tied to expected increases in petrochemical and aviation fuel in East and Southeast Asia," Brew told CNBC by email. "It's unlikely the agency is adjusting based on political pressure — though there has been some of that, with the Trump administration criticizing the group's supposed bias in favor of renewable energy — and the shift reflects a broader skepticism that oil demand is set to peak any time soon," he added...

Alongside its CPS, the IEA also laid out projections under its so-called "Stated Policies Scenario" (STEPS), which reflects the prevailing direction of travel for the global energy system. In this assumption, the IEA said it expects oil demand to peak at 102 million barrels per day around 2030, before gradually declining. Global electric car sales are much stronger under this scenario compared to the CPS. The IEA said its multiple scenarios explore a range of consequences from various policy choices and should not be considered forecasts.
Thanks to Slashdot reader magzteel for sharing the news.

One of the most common viruses in the world could be the cause of lupus, an autoimmune disease with wide-ranging symptoms, according to a new study. From a report: Until now, lupus was somewhat mysterious: No single root cause of the disease had been found, and while there is no cure, there are medications that can treat it.

The research, published in the journal Science Translational Medicine, suggests that Epstein-Barr virus -- which 95% of people acquire at some point in life -- could cause lupus by driving the body to attack its own healthy cells.

It adds to mounting evidence that Epstein-Barr is associated with multiple long-term health issues, including other autoimmune conditions. As this evidence stacks up, scientists have accelerated calls for a vaccine that targets the virus.

"If we now better understand how this fastidious virus is responsible for autoimmune diseases, I think it's time to figure out how to prevent it," said Dr. Anca Askanase, clinical director of the Lupus Center at Columbia University, who wasn't involved in the new research.

China's state-sponsored hackers used AI technology from Anthropic to automate break-ins of major corporations and foreign governments during a September hacking campaign, the company said Thursday. From a report: The effort focused on dozens of targets and involved a level of automation that Anthropic's cybersecurity investigators had not previously seen, according to Jacob Klein, the company's head of threat intelligence.

Hackers have been using AI for years now to conduct individual tasks such as crafting phishing emails or scanning the internet for vulnerable systems, but in this instance 80% to 90% of the attack was automated, with humans only intervening in a handful of decision points, Klein said.

The hackers conducted their attacks "literally with the click of a button, and then with minimal human interaction," Klein said. Anthropic disrupted the campaigns and blocked the hackers' accounts, but not before as many as four intrusions were successful. In one case, the hackers directed Anthropic's Claude AI tools to query internal databases and extract data independently.

An anonymous reader quotes a report from The Atlantic: In China, you can buy a heavily discounted "used" electric car that has never, in fact, been used. Chinese automakers, desperate to meet their sales targets in a bitterly competitive market, sell cars to dealerships, which register them as "sold," even though no actual customer has bought them. Dealers, stuck with officially sold cars, then offload them as "used," often at low prices. The practice has become so prevalent that the Chinese Communist Party is trying to stop it. Its main newspaper, The People's Daily, complained earlier this year that this sales-inflating tactic "disrupts normal market order," and criticized companies for their "data worship."

This sign of serious problems in China's electric-vehicle industry may come as a surprise to many Americans. The Chinese electric car has become a symbol of the country's seemingly unstoppable rise on the world stage. Many observers point to their growing popularity as evidence that China is winning the race to dominate new technologies. But in China, these electric cars represent something entirely different: the profound threats that Beijing's meddling in markets poses to both China and the world.

Bloated by excessive investment, distorted by government intervention, and plagued by heavy losses, China's EV industry appears destined for a crash. EV companies are locked in a cutthroat struggle for survival. Wei Jianjun, the chairman of the Chinese automaker Great Wall Motor, warned in May that China's car industry could tumble into a financial crisis; it "just hasn't erupted yet." To bypass government censorship of bad economic news, market analysts have opted for a seemingly anodyne term to describe the Chinese car industry's downward spiral: involution, which connotes falling in on oneself.

An anonymous reader quotes a report from Ars Technica: ClickFix often starts with an email sent from a hotel that the target has a pending registration with and references the correct registration information. In other cases, ClickFix attacks begin with a WhatsApp message. In still other cases, the user receives the URL at the top of Google results for a search query. Once the mark accesses the malicious site referenced, it presents a CAPTCHA challenge or other pretext requiring user confirmation. The user receives an instruction to copy a string of text, open a terminal window, paste it in, and press Enter. Once entered, the string of text causes the PC or Mac to surreptitiously visit a scammer-controlled server and download malware. Then, the machine automatically installs it -- all with no indication to the target. With that, users are infected, usually with credential-stealing malware. Security firms say ClickFix campaigns have run rampant. The lack of awareness of the technique, combined with the links also coming from known addresses or in search results, and the ability to bypass some endpoint protections are all factors driving the growth.

The commands, which are often base-64 encoded to make them unreadable to humans, are often copied inside the browser sandbox, a part of most browsers that accesses the Internet in an isolated environment designed to protect devices from malware or harmful scripts. Many security tools are unable to observe and flag these actions as potentially malicious. The attacks can also be effective given the lack of awareness. Many people have learned over the years to be suspicious of links in emails or messengers. In many users' minds, the precaution doesn't extend to sites that instruct them to copy a piece of text and paste it into an unfamiliar window. When the instructions come in emails from a known hotel or at the top of Google results, targets can be further caught off guard. With many families gathering in the coming weeks for various holiday dinners, ClickFix scams are worth mentioning to those family members who ask for security advice. Microsoft Defender and other endpoint protection programs offer some defenses against these attacks, but they can, in some cases, be bypassed. That means that, for now, awareness is the best countermeasure. Researchers from CrowdStrike described in a report a campaign designed to infect Macs with a Mach-O executive. "Promoting false malicious websites encourages more site traffic, which will lead to more potential victims," wrote the researchers. "The one-line installation command enables eCrime actors to directly install the Mach-O executable onto the victim's machine while bypassing Gatekeeper checks."

Push Security, meanwhile, reported a ClickFix campaign that uses a device-adaptive page that serves different malicious payloads depending on whether the visitor is on Windows or macOS.

China's CO2 emissions have been flat or falling for 18 months, "adding evidence to the hope that the world's biggest polluter has managed to hit its target of peak CO2 emissions well ahead of schedule," reports the Guardian. From the report: Rapid increases in the deployment of solar and wind power generation -- which grew by 46% and 11% respectively in the third quarter of this year -- meant the country's energy sector emissions remained flat, even as the demand for electricity increased. China added 240GW of solar capacity in the first nine months of this year, and 61GW of wind, putting it on track for another renewable record in 2025. Last year, the country installed 333GW of solar power, more than the rest of the world combined. [...]

The analysis by the Centre for Research on Energy and Clean Air (Crea), for the science and climate policy website Carbon Brief, found China's CO2 emissions were unchanged from a year earlier in the third quarter of 2025, thanks in part to declining emissions in the travel, cement and steel industries. But China has a record of underpromising and overdelivering on climate targets. Li Shuo, the director of the China Climate Hub at the Asia Society Policy Institute, a US-based thinktank, said in a recent note that the latest Chinese climate targets should be seen as a baseline and not a ceiling.

A maintainer of Debian's Advanced Package Tool (APT) "has announced plans to introduce hard Rust dependencies into APT starting May 2026," reports the blog It's FOSS. The integration targets critical areas like parsing .deb, .ar, and tar files plus HTTP signature verification using Sequoia. [APT maintainer Julian Andres Klode] said these components "would strongly benefit from memory safe languages and a stronger approach to unit testing."

He also gave a firm message to maintainers of Debian ports: "If you maintain a port without a working Rust toolchain, please ensure it has one within the next 6 months, or sunset the port."

The reasoning is straightforward. Debian wants to move forward with modern tools rather than being held back by legacy architecture... Debian ports running on CPU architectures without Rust compiler support have six months to add proper toolchains. If they can't meet this deadline, those ports will need to be discontinued. As a result, some obscure or legacy platforms may lose official support. For most users on mainstream architectures like x86_64 and ARM, nothing changes. Your APT will simply become more secure and reliable under the hood.
It's FOSS argues that "If done right, this could significantly strengthen APT's security and code quality."

And the blog Linuxiac also supports the move. "By embedding Rust into APT, the distro joins a growing number of major open-source projects, such as the Linux kernel, Firefox, and systemd, that are gradually adopting Rust. And if I had to guess, I'd say this is just one of the first steps toward even deeper Rust integration in this legendary distribution, which is a good thing."

The Wall Street Journal looks at swarm robotics, where no single robot is in charge, robots interact only with nearby robots — and the swarm accomplishes complex tasks through simple interactions.

"Researchers say this approach could excel where traditional robots fail, like situations where central control is impractical or impossible due to distance, scale or communication barriers." For instance, a swarm of drones might one day monitor vast areas to detect early-stage wildfires that current monitoring systems sometimes miss... A human operator might set parameters like where to search, but the drones would independently share information like which areas have been searched, adjust search patterns based on wind and other weather data from other drones in the swarm, and converge for more complete coverage of a particular area when one detects smoke. In another potential application, a swarm of robots could make deliveries across wide areas more efficient by alerting each other to changing traffic conditions or redistributing packages among themselves if one breaks down. Robot swarms could also manage agricultural operations in places without reliable internet service. And disaster-response teams see potential for swarms in hurricane and tsunami zones where communication infrastructure has been destroyed.

At the microscopic scale, researchers are developing tiny robots that could work together to navigate the human body to deliver medication or clear blockages without surgery... In recent demonstrations, teams of tiny magnetic robots — each about the size of a grain of sand — cleared blockages in artificial blood vessels by forming chains to push through the obstructions. The robots navigate individually through blood vessels to reach a clog, guided by doctors or technicians using magnetic fields to steer them, says researcher J.J. Wie, a professor of organic and nano engineering at Hanyang University in South Korea. When they reach an obstruction, the robots coordinate with each other to team up and break through. Wie's group is developing versions of these robots that biodegrade after use, eliminating the need for surgical removal, and coatings that make the robots compatible with human tissue. And while robots the size of sand grains work for some applications, Wie says that they will need to be shrunk to nano scale to cross biological barriers, such as cell membranes, or bind to specific molecular targets, like surface proteins or receptors on cancer cells.
Some researchers are even exploring emergent intelligence — "when simple machines, following only a few local cues, begin to organize and act as if they share a mind...beyond human-designed coordination."

Thanks to long-time Slashdot reader fjo3 for sharing the article.

The address bar/ChatGPT input window in OpenAI's browser ChatGPT Atlas "could be targeted for prompt injection using malicious instructions disguised as links," reports SC World, citing a report from AI/agent security platform NeuralTrust: NeuralTrust found that a malformed URL could be crafted to include a prompt that is treated as plain text by the browser, passing the prompt on to the LLM. A malformation, such as an extra space after the first slash following "https:" prevents the browser from recognizing the link as a website to visit. Rather than triggering a web search, as is common when plain text is submitted to a browser's address bar, ChatGPT Atlas treats plain text as ChatGPT prompts by default.

An unsuspecting user could potentially be tricked into copying and pasting a malformed link, believing they will be sent to a legitimate webpage. An attacker could plant the link behind a "copy link" button so that the user might not notice the suspicious text at the end of the link until after it is pasted and submitted. These prompt injections could potentially be used to instruct ChatGPT to open a new tab to a malicious website such as a phishing site, or to tell ChatGPT to take harmful actions in the user's integrated applications or logged-in sites like Google Drive, NeuralTrust said.
Last month browser security platform LayerX also described how malicious prompts could be hidden in URLs (as a parameter) for Perplexity's browser Comet. And last week SquareX Labs demonstrated that a malicious browser extension could spoof Comet's AI sidebar feature and have since replicated the proof-of-concept (PoC) attack on Atlas.

But another new vulnerability in ChatGPT Atlas "could allow malicious actors to inject nefarious instructions into the artificial intelligence (AI)-powered assistant's memory and run arbitrary code," reports The Hacker News, citing a report from browser security platform LayerX: "This exploit can allow attackers to infect systems with malicious code, grant themselves access privileges, or deploy malware," LayerX Security Co-Founder and CEO, Or Eshed, said in a report shared with The Hacker News. The attack, at its core, leverages a cross-site request forgery (CSRF) flaw that could be exploited to inject malicious instructions into ChatGPT's persistent memory. The corrupted memory can then persist across devices and sessions, permitting an attacker to conduct various actions, including seizing control of a user's account, browser, or connected systems, when a logged-in user attempts to use ChatGPT for legitimate purposes....

"What makes this exploit uniquely dangerous is that it targets the AI's persistent memory, not just the browser session," Michelle Levy, head of security research at LayerX Security, said. "By chaining a standard CSRF to a memory write, an attacker can invisibly plant instructions that survive across devices, sessions, and even different browsers. In our tests, once ChatGPT's memory was tainted, subsequent 'normal' prompts could trigger code fetches, privilege escalations, or data exfiltration without tripping meaningful safeguards...."

LayerX said the problem is exacerbated by ChatGPT Atlas' lack of robust anti-phishing controls, the browser security company said, adding it leaves users up to 90% more exposed than traditional browsers like Google Chrome or Microsoft Edge. In tests against over 100 in-the-wild web vulnerabilities and phishing attacks, Edge managed to stop 53% of them, followed by Google Chrome at 47% and Dia at 46%. In contrast, Perplexity's Comet and ChatGPT Atlas stopped only 7% and 5.8% of malicious web pages.
From The Conversation: Sandboxing is a security approach designed to keep websites isolated and prevent malicious code from accessing data from other tabs. The modern web depends on this separation. But in Atlas, the AI agent isn't malicious code — it's a trusted user with permission to see and act across all sites. This undermines the core principle of browser isolation.
Thanks to Slashdot reader spatwei for suggesting the topic.

According to the Wall Street Journal, SpaceX is reportedly poised to secure a $2 billion Pentagon contract to develop hundreds of missile-tracking satellites for President Trump's ambitious Golden Dome defense system. The Independent reports: The planned "air moving target indicator" system in question could ultimately feature as many as 600 satellites once it is fully operational, The Wall Street Journal reports. Musk's company has also been linked to two more satellite ventures, which are concerned with relaying sensitive communications and tracing vehicles, respectively.

Golden Dome, inspired by Israel's "Iron Dome," was announced by Trump and Secretary of War Pete Hegseth at the White House in May and will amount to a complex system of satellites and weaponry capable of destroying incoming missiles before they hit American targets. The president promised it would be "fully operational" before he leaves office in January 2029, capable of intercepting rockets, "even if they are launched from space," with an overall price tag of $175 billion.

Amazon is planning to cut as many as 30,000 corporate jobs beginning Tuesday, as the company works to pare expenses and compensate for overhiring during the peak demand of the pandemic, Reuters reported Monday, citing sources familiar with the matter. From the report: The figure represents a small percentage of Amazon's 1.55 million total employees, but nearly 10% of the company's roughly 350,000 corporate employees. This would represent the largest job cut at Amazon since around 27,000 jobs were eliminated starting in late 2022.